Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

chai-defendernpm

Malicious code in chai-defender (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10050
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall chai-defender

What this malware does

On require('chai-defender'), index.js invokes launchDeflectBootstrap() which spawns a detached background node process running lib/caller.js. That process loads lib/initstate.js, which performs an HTTP GET against a hardcoded remote endpoint (http://check-server-state.vercel.app/server/v2) and passes the response body into new Function('require', <response>)(require), executing attacker-controlled JavaScript with access to Node's require in the installer's process. The package presents itself as a Chai assertions plugin ('Security-focused Chai assertions'), but this fetch-and-exec behavior is unrelated to any assertion functionality. The lib/ directory is padded with files whose names mimic the pino logger project (multistream.js, transport.js, redaction.js, levels.js, symbols.js, worker.js) and reference a non-existent./flowlimit.js module; these files are not wired into index.js and appear to exist to make the package look substantial while the real payload is lib/const.js + lib/initstate.js. Plain HTTP transport additionally exposes the eval channel to in-path payload injection. Any project that requires this package hands remote code execution to whoever controls check-server-state.vercel.app.

Malicious versions

5 flagged
1.0.0-beta.11.0.11.0.1-beta1.0.21.1.0

Indicators of compromise (SHA-256)

14f276305fd5e43b60bbfd1048d8792ef7f72734c28cfe533d368c0fc199a0fe
1fea9da4b149b2d4227fe03d74db2f07cc91a6fe818e53645540eea41b37bf35
4e0972a703e67bb7bc79d419129a0282f21015b6ca14e4e129950801e1aa392b
5830fd878c4ab10b095093a6596563d257d7af9779aa6247747b3804ee3a79f5
b3ed91a9065fe4f46b24038459cb3bbb21427289c79bb055100224a73375c049

Detection & response playbook

Typosquat
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for chai-defender (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging chai-defender across your stack and pipelines.

  2. If you installed it — respond

    chai-defender is a typosquat — you almost certainly intended a legitimately-named package. Remove chai-defender, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.

  3. Did it already run?

    If chai-defender was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks chai-defender before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. chai-defender on npm has been identified as a malicious package (versions 1.0.0-beta.1, 1.0.1, 1.0.1-beta, 1.0.2, 1.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-009112IN-MAL-2026-009114IN-MAL-2026-009111IN-MAL-2026-009115IN-MAL-2026-009113

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks chai-defender-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.